How to do it...

We chose ZAP for this exercise as it can monitor, intercept, and repeat WebSockets messages. Burp Suite can monitor WebSockets communication; however, it doesn't have the ability to intercept, modify, and replay messages:

  1. Configure your browser to use ZAP as a proxy, and in ZAP, enable the WebSockets tab by clicking on the plus icon in the bottom panel:
  2. Now, in the browser, go to http://dvws.local/DVWS/ and select Stored XSS from the menu:
  3. Enter some comments and switch to ZAP. In the History tab, look for a request ...
